Security News

Spanish National Police have dismantled a cybercrime organization that used fake investment sites to defraud over €12.3 million from 300 victims across Europe. The threat actors then laundered money stolen from victims by moving it from Spanish banks to foreign financial entities where the criminals hoped it was away from the authorities' scrutiny or tracing ability.

Organizations in the Spanish-speaking nations of Mexico and Spain are in the crosshairs of a new campaign designed to deliver the Grandoreiro banking trojan. "In this campaign, the threat actors impersonate government officials from the Attorney General's Office of Mexico City and from the Public Ministry in the form of spear-phishing emails in order to lure victims to download and execute 'Grandoreiro,' a prolific banking trojan that has been active since at least 2016, and that specifically targets users in Latin America," Zscaler said in a report.

The Spanish National Research Council last month was hit by a ransomware attack that is now attributed to Russian hackers. CSIC is a state agency for scientific research and technological development part of the Spanish Ministry of Science and Innovation but with a special status in that it has "Its own assets and treasury, functional and managerial autonomy."

Spanish law enforcement officials have announced the arrest of two individuals in connection with a cyberattack on the country's radioactivity alert network, which took place between March and June 2021. The act of sabotage is said to have disabled more than one-third of the sensors that are maintained by the Directorate-General for Civil Protection and Emergencies and used to monitor excessive radiation levels across the country.

A previously unknown Android banking trojan has been discovered in the wild, targeting users of the Spanish financial services company BBVA. Said to be in its early stages of development, the malware - dubbed Revive by Italian cybersecurity firm Cleafy - was first observed on June 15, 2022 and distributed by means of phishing campaigns. "The name Revive has been chosen since one of the functionality of the malware is restarting in case the malware stops working, Cleafy researchers Federico Valentini and Francesco Iubatti said in a Monday write-up."

The Spanish police have announced the arrest of 13 people and the launch of investigations on another seven for their participation in a phishing ring that stole online bank credentials. The threat actors used phishing lures to trick their victims into believing they received an alert from their bank and proceeded to steal their account credentials.

Spain's prime minister and defense minister are the latest elected officials to detect Pegasus spyware on their mobile phones, according to multiple media reports quoting Spanish authorities. During a press conference on Monday, Félix Bolaños, the minister for the presidency, told reporters that cellphones of Spanish prime minister Pedro Sánchez and defense minister Margarita Robles were both infected by NSO's notorious surveillance software last year.

Spain's National Police Agency, the Policía Nacional, said last week it dismantled an unnamed cybercriminal organization and arrested eight individuals in connection with a series of SIM swapping attacks that were carried out with the goal of financial fraud. The suspects of the crime ring masqueraded as trustworthy representatives of banks and other organizations and used traditional phishing and smishing techniques to obtain personal information and bank data of victims before draining money from their accounts.

The Spanish National Police have, at the request of America, arrested UK citizen Joseph O'Connor in Estepona, Spain, in connection with the July 2020 takeover of more than 130 Twitter accounts. The US Department of Justice said that, in addition to the alleged Twitter account joyride, O'Connor, 22, has been charged in a federal district court in northern California with computer intrusions tied to the commandeering of TikTok and Snapchat user accounts.

Controversial mogul and antivirus pioneer John McAfee on Wednesday died by suicide in a jail cell in Barcelona, hours after reports that he would be extradited to face federal charges in the U.S. McAfee was 75. Security personnel at the Brians 2 prison tried to revive McAfee, but he was eventually declared dead, per Associated Press.